package org.todo.controller;

import javax.portlet.PortletRequest;
import javax.portlet.PortletResponse;
import javax.portlet.PortletSecurityException;
import org.springframework.web.portlet.handler.HandlerInterceptorAdapter;

/**
 * Interceptor that checks the authorization of the current user
 * @author Matthias Braunhofer
 */
public class AuthorizationInterceptor extends HandlerInterceptorAdapter {

    @Override
    protected boolean preHandle(PortletRequest request, PortletResponse response, Object handler) throws Exception {
        if (ControllerUtil.getUserName(request) != null) {
            return true;
        } else {
            throw new PortletSecurityException("User is not authorized to access the portlet");
        }
    }
}
